VYPR · Vendor CVEs · Lenovo · All CVEs

486 total · sorted by risk
  • CVE-2017-3746 · High · Aug 29, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges.

  • CVE-2017-3756 · High · Aug 18, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.

  • CVE-2017-3751 · High · Aug 10, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges.

  • CVE-2017-3748 · High · Jun 29, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as "rooting" or "jail breaking" a device).

  • CVE-2017-3745 · High · Jun 20, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and…

  • CVE-2015-4596 · High · Jun 13, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges.

  • CVE-2016-8228 · High · Jun 4, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.

  • CVE-2016-1876 · High · May 23, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors.

  • CVE-2015-8110 · High · Apr 24, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator…

  • CVE-2016-8235 · High · Apr 10, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges.

  • CVE-2016-8227 · High · Jan 26, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.

  • CVE-2016-8225 · High · Jan 26, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges.

  • CVE-2016-8223 · High · Nov 29, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges.

  • CVE-2016-5247 · High · Sep 22, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or…

  • CVE-2016-3804 · High · Jul 11, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28332766 and MediaTek internal bug ALPS02694410.

  • CVE-2016-5249 · High · Jun 30, 2016
    risk 0.51 · cvss 7.8 · epss 0.01

    Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in advance and crafted .NET assembly.

  • CVE-2016-2393 · High · Apr 11, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks.

  • CVE-2025-12048 · High · Nov 12, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the affected system.

  • CVE-2025-10495 · High · Nov 12, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code.

  • CVE-2025-9319 · High · Sep 11, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    A potential vulnerability was reported in the Lenovo Wallpaper Client that could allow arbitrary code execution under certain conditions.

  • CVE-2024-4696 · High · Jun 13, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited.

  • CVE-2024-3286 · High · May 16, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request.

  • CVE-2023-4857 · High · Apr 15, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute certain IPMI calls that could lead to exposure of limited system information.

  • CVE-2018-9065 · High · Jul 30, 2018
    risk 0.49 · cvss 7.5 · epss 0.00

    In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA…

  • CVE-2018-9068 · High · Jul 26, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier…

  • CVE-2018-9067 · High · Jul 13, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500 IMEI.

  • CVE-2017-3776 · High · Apr 19, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information.

  • CVE-2017-3768 · High · Jan 26, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common…

  • CVE-2017-3771 · High · Oct 26, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    The system boot process is not adequately secured in Lenovo E95 and ThinkCentre M710s/M710t because the systems were shipped from the factory without completing the BIOS/UEFI initialization process.

  • CVE-2017-3743 · High · Jun 20, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be…

  • CVE-2016-8231 · High · Jun 4, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.

  • CVE-2016-8230 · High · Jun 4, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.

  • CVE-2016-8236 · High · Mar 3, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77.

  • CVE-2016-3944 · High · Jun 3, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com.

  • CVE-2016-1350 · High · Mar 26, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.

  • CVE-2025-6248 · High · Jul 17, 2025
    risk 0.48 · cvss 7.4 · epss 0.00

    A cross-site scripting (XSS) vulnerability was reported in the Lenovo Browser that could allow an attacker to obtain sensitive information if a user visits a web page with specially crafted content.

  • CVE-2024-27149 · High · Jun 14, 2024
    risk 0.48 · cvss 7.4 · epss 0.00

    The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.

  • CVE-2026-4134 · High · Apr 15, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated privileges.

  • CVE-2024-8281 · High · Sep 13, 2024
    risk 0.47 · cvss 7.2 · epss 0.01

    An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell.

  • CVE-2024-8280 · High · Sep 13, 2024
    risk 0.47 · cvss 7.2 · epss 0.01

    An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file.

  • CVE-2024-8279 · High · Sep 13, 2024
    risk 0.47 · cvss 7.2 · epss 0.01

    A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.

  • CVE-2024-38512 · High · Jul 26, 2024
    risk 0.47 · cvss 7.2 · epss 0.01

    A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.

  • CVE-2024-38511 · High · Jul 26, 2024
    risk 0.47 · cvss 7.2 · epss 0.01

    A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.

  • CVE-2024-38510 · High · Jul 26, 2024
    risk 0.47 · cvss 7.2 · epss 0.01

    A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.

  • CVE-2024-38509 · High · Jul 26, 2024
    risk 0.47 · cvss 7.2 · epss 0.01

    A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command.

  • CVE-2024-38508 · High · Jul 26, 2024
    risk 0.47 · cvss 7.2 · epss 0.01

    A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request.

  • CVE-2023-4855 · High · Apr 15, 2024
    risk 0.47 · cvss 7.2 · epss 0.01

    A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute unauthorized commands via IPMI.

  • CVE-2022-0354 · High · Apr 22, 2022
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command…

  • CVE-2026-0827 · High · Apr 15, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file…

  • CVE-2015-8109 · High · Apr 24, 2017
    risk 0.46 · cvss 7.0 · epss 0.00

    Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator…
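
Three of the entries in this list (CVE-2017-3756, CVE-2017-3751 and CVE-2016-8225) are unquoted service path bugs: the service's ImagePath contains spaces but no quotes, so Windows resolves the executable by trying each space-delimited prefix first, and a local user who can write to one of those prefix locations gets their binary run as the service account. The script below is an added example, not code from the VYPR page or from Lenovo, showing how such a path is recognised, which planting paths the loader would try, and what the corrected value looks like. The service names and ImagePath strings are constructed samples (the real registry values of the affected Lenovo products are not reproduced), and `hijack_candidates`, `find_unquoted_services` and `quote_image_path` are names chosen for this example.

```python
"""Flag Windows services whose unquoted ImagePath can be hijacked.

Added example for this CVE listing (not VYPR's or Lenovo's code).
Service names and ImagePath values below are constructed samples.
"""
import re

# Constructed sample of HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath
# values. On a live host these would come from the registry (winreg) or from
# `wmic service get name,pathname`; this example deliberately stays offline.
SAMPLE_SERVICES = {
    # unquoted, spaces in the directory chain -> hijackable
    "LenovoActiveProtection": r"C:\Program Files\Lenovo\Active Protection System\ApsService.exe",
    # properly quoted -> the binary is unambiguous, arguments are separate
    "LenovoKeyboardDrv": r'"C:\Program Files (x86)\Lenovo\Keyboard Driver\kbdsvc.exe" -run',
    # unquoted but no spaces in the executable path -> nothing to hijack
    "EventLog": r"C:\Windows\System32\svchost.exe -k LocalServiceNetworkFirewall",
    # unquoted, spaces, plus arguments after the executable
    "DemoUpdater": r"C:\Program Files\Demo Vendor\Update Agent\agent.exe --service",
}

# The executable is taken to end at the first ".exe" token (case-insensitive).
_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)


def _split_exe(image_path: str) -> tuple[str, str]:
    """Split an unquoted ImagePath into (executable path, trailing arguments).

    Spaces inside the arguments do not matter for the hijack, only spaces
    inside the executable path itself.
    """
    m = _EXE_END.search(image_path)
    end = m.end() if m else len(image_path)
    return image_path[:end], image_path[end:]


def hijack_candidates(image_path: str) -> list[str]:
    r"""Return the files CreateProcess would try before the intended binary.

    For an unquoted command line the loader cuts at each space in turn and
    appends ".exe", so 'C:\Program Files\Demo Vendor\agent.exe' is preceded
    by attempts at 'C:\Program.exe' and 'C:\Program Files\Demo.exe'.
    A quoted path, or one without spaces, yields no candidates.
    """
    path = image_path.strip()
    if path.startswith('"'):
        return []
    exe_path, _ = _split_exe(path)
    return [exe_path[:i] + ".exe" for i, ch in enumerate(exe_path) if ch == " "]


def find_unquoted_services(services: dict[str, str]) -> dict[str, list[str]]:
    """Map each hijackable service name to its candidate planting paths."""
    report = {}
    for name, image_path in services.items():
        candidates = hijack_candidates(image_path)
        if candidates:
            report[name] = candidates
    return report


def quote_image_path(image_path: str) -> str:
    """Return the ImagePath with the executable portion quoted (the fix).

    Values that are already safe are returned unchanged.
    """
    path = image_path.strip()
    if not hijack_candidates(path):
        return image_path
    exe_path, args = _split_exe(path)
    return f'"{exe_path}"{args}'


if __name__ == "__main__":
    for name, candidates in find_unquoted_services(SAMPLE_SERVICES).items():
        print(f"[!] {name}: unquoted ImagePath with spaces")
        for c in candidates:
            print(f"    loader would try first: {c}")
        print(f"    fixed value:            {quote_image_path(SAMPLE_SERVICES[name])}")
```

A candidate path is only exploitable if the calling user can create a file at that location, so a real audit follows this up by checking the ACL of each candidate's parent directory (for example with `icacls`); on a default install, `C:\` and `C:\Program Files` deny standard users write access, and the vulnerable cases are vendor directories with looser permissions. The fix is the quoted value, applied with `sc config <service> binPath= "\"C:\path with spaces\svc.exe\""` or by correcting the installer.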

Page 2 of 10